Privacy Policy
Last updated: April 9, 2026
We believe civic engagement shouldn't cost you your privacy. Here's exactly what we collect, why, and how we protect it.
1. Data We Collect
We collect the minimum amount of information needed to connect you with your elected representatives and keep you informed.
| Data Type |
When Collected |
Why We Need It |
| Email address |
When you join the waitlist or create an account |
Account access, bill alerts, service updates |
| Name |
When you create an account |
Personalize your experience |
| Home address |
When you look up representatives |
Match you to your elected officials |
| Phone number (hashed) |
If you provide it during account creation |
Optional: SMS bill alerts. Stored as a one-way hash — never in plaintext. |
| Political interests |
When you follow topics or bills |
Personalize bill alerts and rep recommendations |
| Messages sent |
When you send a message to a representative |
Deliver your message; track delivery confirmation |
| Pageviews & session data |
Automatically on each visit |
Analytics: understand how people use Civiums so we can improve it |
| IP address (hashed) |
Automatically on each request |
Abuse prevention and rate limiting. Stored as a short hash — not linkable to you. |
We don't collect: Social Security numbers, financial information, government ID, or any sensitive personal categories not listed above.
2. How We Use Your Data
We use the information we collect for these specific purposes:
- Representative matching — Your address is used to identify the elected officials who serve your district at federal, state, and local levels.
- Bill alerts — Your email (and optionally phone hash) is used to notify you when legislation you care about advances.
- Message delivery — When you draft a message to a representative, we facilitate its delivery via the rep's official contact channel.
- AI summaries — Your interactions with the Civiums AI assistant improve its ability to answer civic questions. Chat messages are processed by our AI provider to generate responses.
- Product improvement — Aggregate, anonymized pageview and usage data helps us understand which features are valuable.
- Service communications — We send transactional emails (account confirmations, alerts you subscribed to). We will not send unsolicited marketing unless you explicitly opt in.
- Security and fraud prevention — Hashed IP data and usage patterns help us detect and block abuse.
3. We Never Sell Your Data
Your personal information is never sold, rented, or traded to third parties — full stop. This includes your email, name, address, political interests, and any messages you've sent.
We are a civic engagement platform, not an advertising platform. We have no business model that depends on monetizing your personal data. The only way we share data with third parties is:
- Service providers — Infrastructure partners (hosting, database, email delivery) who process data solely on our behalf and under strict confidentiality agreements.
- AI processing — Chat messages are sent to our AI provider to generate responses. This provider is contractually prohibited from using your data to train models or for any purpose other than generating your response.
- Legal requirements — If required by valid legal process (court order, subpoena), we will comply and notify you when legally permitted to do so.
- Your explicit consent — If you instruct us to share your information (e.g., when sending a message to a representative), we act on your instruction.
4. How We Use Your Address
Your home address is used for one purpose: matching you to your elected officials.
Specifically:
- Your address is passed to the Google Civic Information API (or equivalent public data sources) to identify which districts you live in.
- We may cache the results of that lookup to avoid repeated API calls, but the address itself is not stored permanently unless you have a registered account and choose to save it.
- Your address is never used for advertising, sold to data brokers, or shared with political organizations or campaigns.
- You can delete your saved address at any time by deleting your account or contacting us.
5. Phone Number Hashing
If you provide a phone number (entirely optional), we store it as a one-way cryptographic hash, not in plaintext.
This means:
- We cannot read or recover your original phone number from what we store.
- We cannot share your phone number with third parties because we don't have it.
- The hash is used only for identity confirmation and optional SMS alert delivery (via a transactional SMS provider).
- If you request account deletion, the hash is permanently removed.
6. Cookies & Tracking
What we use
Civiums uses minimal, functional tracking:
- Local storage — We store a random visitor ID (
polsia_vid) and session ID (civiums_landing_session) in your browser's local storage. These are randomly generated identifiers — they are not linked to your real identity.
- First-party analytics beacon — When you visit Civiums pages, we log the page path, referrer, and the anonymized visitor ID. This is used for product analytics (e.g., "how many people visit the homepage"). We do not use Google Analytics or other third-party tracking.
- Session cookies — If you log in, a session token is stored in a secure, HttpOnly cookie to keep you authenticated.
What we don't use
- No advertising cookies or pixel trackers
- No cross-site tracking
- No third-party behavioral analytics
- No fingerprinting
You can clear your browser's local storage at any time to remove the visitor ID. This will not affect your Civiums account.
7. Data Retention
We keep your data only as long as necessary:
- Account data (email, name, preferences) — retained for the life of your account, then deleted within 30 days of account deletion.
- Address lookups — cached results retained for up to 7 days, then purged.
- Messages sent to representatives — retained for 90 days for delivery confirmation, then deleted.
- Pageview / analytics data — anonymized and aggregated; individual records retained for up to 12 months.
- Waitlist entries — retained until you request removal or until Civiums launches, whichever comes first.
When we delete data, we delete it from all systems including backups within 60 days.
8. How to Delete Your Account
You can request full deletion of your account and all associated personal data by:
- In-app — Go to Settings → Account → Delete Account (once the full app is live).
- Email — Send a deletion request to civiums@polsia.app from the email address associated with your account.
We will confirm deletion within 5 business days. All personal data will be permanently removed within 30 days, except where retention is required by law.
For waitlist removal, email us and we'll remove you immediately.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) grant you specific rights regarding your personal information:
Your rights
- Right to Know — You have the right to request disclosure of the categories and specific pieces of personal information we have collected about you.
- Right to Delete — You have the right to request deletion of your personal information, subject to certain exceptions.
- Right to Correct — You have the right to request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing — We do not sell or share your personal information. No opt-out is necessary, but you have this right.
- Right to Non-Discrimination — We will not discriminate against you for exercising any of your CCPA/CPRA rights.
- Right to Limit Use of Sensitive Personal Information — We only use sensitive personal information (such as address) for the purpose you provided it (representative matching).
How to exercise your rights
Submit a request by emailing civiums@polsia.app. We will verify your identity and respond within 45 days. We do not charge a fee for these requests.
Categories of personal information collected
Per CCPA categories, we collect: identifiers (email, name), internet or other electronic network activity (pageviews), geolocation data (address for rep matching), and inferences drawn from this information (representative matches).
10. Email Communications (CAN-SPAM)
We comply with the CAN-SPAM Act. Here's what that means for you:
- Every marketing email we send includes a clear, working unsubscribe link.
- We honor unsubscribe requests within 10 business days.
- We identify ourselves clearly in the "From" and "Reply-To" fields.
- We do not use deceptive subject lines.
- Our physical mailing address is included in every commercial email.
Transactional emails (account confirmations, password resets, bill alerts you subscribed to) are not subject to opt-out since they are necessary to deliver the service you requested.
To unsubscribe from all marketing communications, click the unsubscribe link in any email or contact us at civiums@polsia.app.
11. Children's Privacy
Civiums is not directed at children under 13. We do not knowingly collect personal information from children under 13. If you believe a child under 13 has provided us with personal information, please contact us at civiums@polsia.app and we will delete it immediately.
12. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Update the "Last updated" date at the top of this page.
- Send a notification email to registered users.
- For significant changes, we may require you to re-acknowledge the updated policy.
We encourage you to review this page periodically. Continued use of Civiums after changes take effect constitutes your acceptance of the updated policy.